Introduction Flashcards

1
Q

What are the two main approaches to information security?

A

The ability to resist certain threats, and the maintenance of objectives for the resources

2
Q

Threats can give rise to what?

A

Violations

3
Q

What are the three types of security violation?

A

Unauthorised information release, unauthorised information modification and unauthorised denial of use

4
Q

Security violations can occur because of what three things?

A

Inadequate physical controls, inadequate controls within a computer system and inadequate controls for communications networks

5
Q

What is a vulnerability?

A

A vulnerability is a flaw in design or implementation of a system that could lead to a security violation

6
Q

In order to exploit a vulnerability, what must be assumed of attackers?

A

Attackers must know about the vulnerability and must be able to exploit the vulnerability

7
Q

What are the two main types of attacker?

A

Insider attacker and Outsider attacker

8
Q

What is the CIA triad?

A

Confidentiality (prevention of unauthorised information release), Integrity (prevention of unauthorised information modification) and Availability (prevention of unauthorised denial of use)

9
Q

What can security be defined as in accordance with the CIA triad?

A

Security can be defined as meeting the CIA triad’s goals

10
Q

When is a security goal from the CIA triad met?

A

A security goal is met if and when the corresponding security violation does not occur

11
Q

Why is achieving a security goal difficult?

A

It is difficult to anticipate every way an attacker can cause a security violation

12
Q

What is confidentiality?

A

Confidentiality is about preventing users from reading information they are not supposed to

13
Q

What is integrity?

A

Integrity is ensuring that all information has been kept the way it is meant to be

14
Q

What is availability?

A

Availability is ensuring that services are accessible on demand for authorised users

15
Q

What is accountability?

A

Accountability is holding users accountable for all of their actions

16
Q

What is reliability?

A

Reliability is ensuring that the service remains consistent

17
Q

What is a security event?

A

A security event is an occurrence in a system which may indicate a security violation

18
Q

What is security event management?

A

Security event management is putting in place a defined procedure for reporting and managing security events

19
Q

What is data privacy?

A

The notion of protecting someone’s Personally Identifiable Information (PII)

20
Q

What is the difference between computer security and network security?

A

Computer security is protection of data stored in memory, while network security is protection of data in transit

21
Q

What is a security policy?

A

A policy is the ‘intentions and direction of an organisation as formally expressed by its top management’. A security policy is a policy that ‘includes security objectives or provides the framework for setting information security objectives’

22
Q

What are security objectives?

A

Security objectives are the goals of the information security management system related to the assets of an organisation and the criticality of the assets

23
Q

What are security controls?

A

A security control is a measure that reduces risk. Controls include policies, processes and devices

24
Q

What is risk assessment?

A

Risk assessment is the ‘overall process of risk identification, risk analysis, and risk evaluation’

25
Q

What is risk analysis?

A

Risk analysis is the 'process to comprehend the nature of risk and to determine the level of risk'

26
Q

What are risk criteria?

A

Risk criteria are the 'terms of reference against which the significance of risk is evaluated'

27
Q

What is risk evaluation?

A

Risk evaluation is the 'process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable'

28
Q

What is risk treatment?

A

Risk treatment is the 'process of modifying risk', whether by ignoring it or creating controls